FreeBSD Errata: Deadlock in ULE scheduler

A problem has been identified with the FreeBSD 7 series ULE scheduler:

FreeBSD has two schedulers: the classic 4BSD scheduler and a newer, more SMP-aware scheduler called ULE. The 4BSD scheduler was the default scheduler until FreeBSD 7.0. Starting with FreeBSD 7.1 the default scheduler is ULE.

The scheduler is responsible for allocating CPU time to threads and assigning threads to CPUs. Runnable threads (i.e. threads which are not waiting for a blocking operation, such as an I/O operation, memory allocation or lock acquisition, to complete) are assigned to a CPU and placed in that CPU’s run queue. Each thread and each CPU’s run queue is protected by a separate lock.

II. Problem Description

When a thread is reassigned from one CPU to another, the scheduler first acquires the thread’s lock, then releases the source CPU’s run queue lock. The scheduler then acquires the target CPU’s run queue lock and holds the lock while it adds the thread to the queue and signals the target CPU. Finally it reacquires the source CPU’s run queue lock before unlocking the thread. A thread on the target CPU, having been notified of the reassigned thread’s arrival on the target CPU’s run queue, will then acquire the thread’s lock before switching it in.
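
The lock sequence described above can be replayed through a small lock-order recorder of the kind a lock-order checker uses; this is an added example, not FreeBSD kernel code and not part of the notice. The lock names, the precondition that the source run queue lock is already held when the sequence starts, and the release of the target run queue lock once the signal is sent are assumptions drawn from the wording of the paragraph.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative names for the three locks the notice mentions. */
enum { THREAD_LOCK, SRC_RUNQ, TGT_RUNQ, NLOCKS };
static const char *lock_name[NLOCKS] = { "thread", "src_runq", "tgt_runq" };

/* order[a][b] is set when b was acquired while a was already held. */
struct witness { int held[NLOCKS]; int order[NLOCKS][NLOCKS]; };

static void acquire(struct witness *w, int l) {
    for (int h = 0; h < NLOCKS; h++)
        if (w->held[h] && h != l) w->order[h][l] = 1;
    w->held[l] = 1;
}
static void release(struct witness *w, int l) { w->held[l] = 0; }

/* Replay of the reassignment path in the order the notice gives. */
static void migrate_path(struct witness *w) {
    memset(w, 0, sizeof *w);
    w->held[SRC_RUNQ] = 1;     /* assumed precondition: source queue locked */
    acquire(w, THREAD_LOCK);   /* 1. take the thread's lock */
    release(w, SRC_RUNQ);      /* 2. drop the source run queue lock */
    acquire(w, TGT_RUNQ);      /* 3. lock target queue; enqueue and signal */
    release(w, TGT_RUNQ);      /*    assumed: dropped once the signal is sent */
    acquire(w, SRC_RUNQ);      /* 4. reacquire the source run queue lock */
    release(w, THREAD_LOCK);   /* 5. unlock the thread */
}

/* Count lock pairs that were observed in both acquisition orders. */
static int count_reversals(const struct witness *w, int verbose) {
    int n = 0;
    for (int a = 0; a < NLOCKS; a++)
        for (int b = a + 1; b < NLOCKS; b++)
            if (w->order[a][b] && w->order[b][a]) {
                n++;
                if (verbose)
                    printf("reversal: %s <-> %s\n", lock_name[a], lock_name[b]);
            }
    return n;
}

int main(void) {
    struct witness w;
    migrate_path(&w);
    printf("%d reversal(s)\n", count_reversals(&w, 1));
    return 0;
}
```

The replay records the thread lock and the source run queue lock being taken in both orders (steps 1 and 4), which is the kind of ordering a lock-order checker flags for review.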

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit http://security.freebsd.org